.. / CVE-2024-6922

Exploit for Automation Anywhere Automation 360 - Server-Side Request Forgery (CVE-2024-6922)

Description:

Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component.

Nuclei Template

View the template here CVE-2024-6922.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-6922.yaml
Copy

References:

https://www.automationanywhere.com/products/automation-360
https://nvd.nist.gov/vuln/detail/CVE-2024-6922
https://www.rapid7.com/blog/post/2024/07/26/cve-2024-6922-automation-anywhere-automation-360-server-side-request-forgery/